Skip to content

Commit 3259bd1

Browse files
VenkatasivareddyTRVenkatasivareddyTR
committed
Neptune CVE issues fix
1 parent 20c237d commit 3259bd1

File tree

1 file changed

+13
-0
lines changed

1 file changed

+13
-0
lines changed

athena-neptune/pom.xml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,16 @@
1313
<gremlinDriverVersion>3.7.4</gremlinDriverVersion>
1414
<neptune.sigv4.signer.version>3.1.0</neptune.sigv4.signer.version>
1515
</properties>
16+
<dependencyManagement>
17+
<dependencies>
18+
<!-- Fix for CVE-2025-48734: Override commons-beanutils version from Gremlin transitive dependencies -->
19+
<dependency>
20+
<groupId>commons-beanutils</groupId>
21+
<artifactId>commons-beanutils</artifactId>
22+
<version>1.11.0</version>
23+
</dependency>
24+
</dependencies>
25+
</dependencyManagement>
1626
<dependencies>
1727
<dependency>
1828
<groupId>com.amazonaws</groupId>
@@ -176,6 +186,9 @@
176186
<exclude>META-INF/*.SF</exclude>
177187
<exclude>META-INF/*.DSA</exclude>
178188
<exclude>META-INF/*.RSA</exclude>
189+
<!-- Fix for CVE-2025-48924: Exclude old commons-lang3 metadata from commons-configuration2 -->
190+
<exclude>META-INF/maven/org.apache.commons/commons-configuration2/pom.xml</exclude>
191+
<exclude>META-INF/maven/org.apache.commons/commons-configuration2/pom.properties</exclude>
179192
</excludes>
180193
</filter>
181194
</filters>

0 commit comments

Comments
 (0)